From b84714a47a3a1ec646bbd489442b305c84b35e15 Mon Sep 17 00:00:00 2001
From: jeromemarchand <38073585+jeromemarchand@users.noreply.github.com>
Date: Wed, 8 Aug 2018 18:09:44 +0200
Subject: [PATCH] Miscellaneous fixes (#1914)
* Fix multiple memory access errors
Fixes a buffer overflow in get_pid_exe(), a use-after-free error in
bcc_usdt_get_probe_argctype() and a possible NULL pointer dereference
in find_debug_via_debuglink().
* Fix multiple ressource leaks
Leaked file descriptors in bpf_attach_uprobe() and verify_checksum().
Memory leaks in Parser::func_add() and bcc_procutils_language().
* fixup! Fix multiple ressource leaks
---
src/cc/bcc_elf.c | 6 ++++--
src/cc/bcc_proc.c | 4 +++-
src/cc/common.cc | 2 ++
src/cc/frontends/b/parser.cc | 4 +++-
src/cc/libbpf.c | 1 +
src/cc/usdt/usdt.cc | 5 +++--
6 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/cc/bcc_elf.c b/src/cc/bcc_elf.c
index e848912..c425db6 100644
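--- a/src/cc/bcc_elf.c
+++ b/src/cc/bcc_elf.c
@@ -377,8 +377,10 @@ static int verify_checksum(const char *file, unsigned int crc) {
 if (fd < 0)
 return 0;
 
- if (fstat(fd, &st) < 0)
+ if (fstat(fd, &st) < 0) {
+ close(fd);
 return 0;
+ }
 
 buf = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
 if (!buf) {
@@ -433,7 +435,7 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath,
 
 DONE:
 free(bindir);
- if (check_crc && !verify_checksum(res, crc))
+ if (res && check_crc && !verify_checksum(res, crc))
 return NULL;
 return res;
 }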
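Review bot: The context line `if (!buf) {` in verify_checksum() tests the mmap() result against NULL, but mmap() signals failure with MAP_FAILED, so a failed mapping (an empty or unmappable debug file, for instance) does not take the error branch. The rest of the function is outside the hunk, but it presumably computes the CRC over `buf`, which would then be an invalid pointer. Since this commit is already tightening the error paths here, the check should become `if (buf == MAP_FAILED) {`.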
diff --git a/src/cc/bcc_proc.c b/src/cc/bcc_proc.c
index 14ee18e..6fe11a0 100644
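--- a/src/cc/bcc_proc.c
+++ b/src/cc/bcc_proc.c
@@ -446,8 +446,10 @@ const char *bcc_procutils_language(int pid) {
 while (isspace(mapname[0])) mapname++;
 for (i = 0; i < nb_languages; i++) {
 snprintf(pathname, sizeof(pathname), "/lib%s", languages[i]);
- if (strstr(mapname, pathname))
+ if (strstr(mapname, pathname)) {
+ fclose(procfile);
 return languages[i];
+ }
 if ((str = strstr(mapname, "libc")) &&
 (str[4] == '-' || str[4] == '.'))
 libc = true;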
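Review bot: The `fclose(procfile)` added before `return languages[i];` fixes this exit, but it leaves bcc_procutils_language() with cleanup repeated per return inside a nested loop, which is the pattern that allowed the descriptor leak in the first place. The function's start and end are outside the hunk, so its other exits cannot be checked from here. A single exit path would be more robust: store the match in a local, break out of both loops, and call `fclose(procfile)` once before the final return. At minimum, a comment such as `/* procfile must be closed on every return path */` above the loop would flag the invariant for the next edit.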
diff --git a/src/cc/common.cc b/src/cc/common.cc
index 1cfe91a..c8370a3 100644
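--- a/src/cc/common.cc
+++ b/src/cc/common.cc
@@ -57,6 +57,8 @@ std::string get_pid_exe(pid_t pid) {
 res = readlink(exe_link.c_str(), exe_path, sizeof(exe_path));
 if (res == -1)
 return "";
+ if (res >= sizeof(exe_path))
+ res = sizeof(exe_path) - 1;
 exe_path[res] = '\0';
 return std::string(exe_path);
 }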
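Review bot: The added clamp in get_pid_exe() prevents the out-of-bounds write to `exe_path[res]`, but it turns a full buffer into a silently truncated path, so the caller receives a string that may name a different file than the process's executable. readlink() never returns more than the size it was given, so `res >= sizeof(exe_path)` only ever means the buffer was filled and the target may have been cut. Treating that as a failure is safer: `if (res >= static_cast<ssize_t>(sizeof(exe_path))) return "";`. The cast also avoids the signed/unsigned comparison, assuming `res` is an `ssize_t` (its declaration is outside the hunk).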
diff --git a/src/cc/frontends/b/parser.cc b/src/cc/frontends/b/parser.cc
index 9e61346..8a5e149 100644
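--- a/src/cc/frontends/b/parser.cc
+++ b/src/cc/frontends/b/parser.cc
@@ -199,8 +199,10 @@ StmtNode * Parser::func_add(vector<int> *types, Scopes::StateScope *scope,
 auto cur_scope = scopes_->current_var();
 scopes_->set_current(scope);
 for (auto it = formals->begin(); it != formals->end(); ++it)
- if (!variable_add(nullptr, it->get()))
+ if (!variable_add(nullptr, it->get())) {
+ delete decl;
 return nullptr;
+ }
 scopes_->set_current(cur_scope);
 decl->scope_ = scope;
 scopes_->top_func()->add(id->name_, decl);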
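Review bot: The new early return in Parser::func_add() frees `decl` but leaves before `scopes_->set_current(cur_scope);` runs, so after a failed variable_add() the parser's current scope stays set to the function's `scope`. If parsing continues or the Parser is reused after this error, later declarations would presumably land in the wrong scope. Restoring the scope first keeps the error path symmetric with the success path: place `scopes_->set_current(cur_scope);` before `delete decl;`. The start of the function, including where `decl` is allocated and whether anything else already holds it, is outside the hunk.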
diff --git a/src/cc/libbpf.c b/src/cc/libbpf.c
index c23030e..acfbc5e 100644
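--- a/src/cc/libbpf.c
+++ b/src/cc/libbpf.c
@@ -925,6 +925,7 @@ static void exit_mount_ns(int fd) {
 
 if (setns(fd, CLONE_NEWNS))
 perror("setns");
+ close(fd);
 }
 
 int bpf_attach_uprobe(int progfd, enum bpf_probe_attach_type attach_type,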
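Review bot: With the added `close(fd);`, exit_mount_ns() now takes ownership of the descriptor it is passed, and nothing on the function says so. Any caller that still closes the same fd afterwards would double-close, which in a multi-threaded process can close an unrelated descriptor opened in between; the callers are outside this hunk and should be checked. A header comment such as `/* Restores the original mount namespace and closes fd; the caller must not use fd afterwards. */` would record the contract. Separately, a failing setns() is only reported with perror(), so the caller continues even though the process may still be in the target's mount namespace.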
diff --git a/src/cc/usdt/usdt.cc b/src/cc/usdt/usdt.cc
index 2992593..2010520 100644
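--- a/src/cc/usdt/usdt.cc
+++ b/src/cc/usdt/usdt.cc
@@ -478,8 +478,9 @@ const char *bcc_usdt_get_probe_argctype(
 void *ctx, const char* probe_name, const int arg_index
 ) {
 USDT::Probe *p = static_cast<USDT::Context *>(ctx)->get(probe_name);
- std::string res = p ? p->get_arg_ctype(arg_index) : "";
- return res.c_str();
+ if (p)
+ return p->get_arg_ctype(arg_index).c_str();
+ return "";
 }
 
 void bcc_usdt_foreach(void *usdt, bcc_usdt_cb callback) {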
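Review bot: Whether `return p->get_arg_ctype(arg_index).c_str();` actually removes the use-after-free depends on the return type of get_arg_ctype(), which is not visible in this hunk. If it returns `std::string` by value, the temporary is destroyed at the end of the return statement and the caller still receives a dangling pointer, exactly as with the old local `res`. The fix is only sound if it returns a reference to a string stored in the probe. Please confirm the declaration and document the lifetime on this C API, e.g. `// Returned pointer is owned by the probe and valid only while ctx is alive.`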
--
2.17.1